From 0f31d8258e7ead5bd3944080e6cec7d4074149e7 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Sun, 12 May 2019 20:52:43 +0200
Subject: src: use definitions in include/linux/netfilter/nf_tables.h
Use NFT_LOGLEVEL_* definitions in UAPI. Make an internal definition of NFT_OSF_F_VERSION, this was originally defined in the UAPI header in the initial patch version, however, this is not available anymore. Add a bison rule to deal with the timeout case. Otherwise, compilation breaks.
Fixes: d3869cae9d62 ("include: refresh nf_tables.h cached copy")
Signed-off-by: Pablo Neira Ayuso
---
 src/evaluate.c | 2 +-
 src/parser_bison.y | 31 ++++++++++++++++---------------
 src/statement.c | 24 ++++++++++++------------
 3 files changed, 29 insertions(+), 28 deletions(-) (limited to 'src')
diff --git a/src/evaluate.c b/src/evaluate.c
index 3593eb80..21d9e146 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2812,7 +2812,7 @@ static int stmt_evaluate_log(struct eval_ctx *ctx, struct stmt *stmt)
 return stmt_error(ctx, stmt,
 "flags and group are mutually exclusive");
 }
- if (stmt->log.level == LOGLEVEL_AUDIT &&
+ if (stmt->log.level == NFT_LOGLEVEL_AUDIT &&
 (stmt->log.flags & ~STMT_LOG_LEVEL || stmt->log.logflags))
 return stmt_error(ctx, stmt,
 "log level audit doesn't support any further options");
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 9aea6526..9e632c0d 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -2414,23 +2414,23 @@ log_arg : PREFIX string
 level_type : string
 {
 if (!strcmp("emerg", $1))
- $$ = LOG_EMERG;
+ $$ = NFT_LOGLEVEL_EMERG;
 else if (!strcmp("alert", $1))
- $$ = LOG_ALERT;
+ $$ = NFT_LOGLEVEL_ALERT;
 else if (!strcmp("crit", $1))
- $$ = LOG_CRIT;
+ $$ = NFT_LOGLEVEL_CRIT;
 else if (!strcmp("err", $1))
- $$ = LOG_ERR;
+ $$ = NFT_LOGLEVEL_ERR;
 else if (!strcmp("warn", $1))
- $$ = LOG_WARNING;
+ $$ = NFT_LOGLEVEL_WARNING;
 else if (!strcmp("notice", $1))
- $$ = LOG_NOTICE;
+ $$ = NFT_LOGLEVEL_NOTICE;
 else if (!strcmp("info", $1))
- $$ = LOG_INFO;
+ $$ = NFT_LOGLEVEL_INFO;
 else if (!strcmp("debug", $1))
- $$ = LOG_DEBUG;
+ $$ = NFT_LOGLEVEL_DEBUG;
 else if (!strcmp("audit", $1))
- $$ = LOGLEVEL_AUDIT;
+ $$ = NFT_LOGLEVEL_AUDIT;
 else {
 erec_queue(error(&@1, "invalid log level"),
 state->msgs);
@@ -4101,7 +4101,6 @@ ct_key : L3PROTOCOL { $$ = NFT_CT_L3PROTOCOL; }
 | PROTO_DST { $$ = NFT_CT_PROTO_DST; }
 | LABEL { $$ = NFT_CT_LABELS; }
 | EVENT { $$ = NFT_CT_EVENTMASK; }
- | TIMEOUT { $$ = NFT_CT_TIMEOUT; }
 | ct_key_dir_optional
 ;
@@ -4150,16 +4149,18 @@ ct_stmt : CT ct_key SET stmt_expr
 $$->objref.type = NFT_OBJECT_CT_HELPER;
 $$->objref.expr = $4;
 break;
- case NFT_CT_TIMEOUT:
- $$ = objref_stmt_alloc(&@$);
- $$->objref.type = NFT_OBJECT_CT_TIMEOUT;
- $$->objref.expr = $4;
- break;
 default:
 $$ = ct_stmt_alloc(&@$, $2, -1, $4);
 break;
 }
 }
+ | CT TIMEOUT SET stmt_expr
+ {
+ $$ = objref_stmt_alloc(&@$);
+ $$->objref.type = NFT_OBJECT_CT_TIMEOUT;
+ $$->objref.expr = $4;
+
+ }
 | CT ct_dir ct_key_dir_optional SET stmt_expr
 {
 $$ = ct_stmt_alloc(&@$, $3, $2, $5);
diff --git a/src/statement.c b/src/statement.c
index 7f9c10b3..a9e8b3ae 100644
--- a/src/statement.c
+++ b/src/statement.c
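Review bot: The new `CT TIMEOUT SET stmt_expr` alternative in the @@ -4150 hunk has no comment saying why timeout gets its own rule while helper is still dispatched through the `switch` under `CT ct_key SET stmt_expr`, and its action ends with a stray empty line before the closing brace. Going by the commit message, the split is presumably needed because the refreshed UAPI header does not provide `NFT_CT_TIMEOUT`; a one-line comment above the alternative, e.g. `/* "ct timeout set" is an object reference; NFT_CT_TIMEOUT is not a UAPI ct key */`, would stop a later cleanup from folding it back into `ct_key`. As far as these hunks show, `TIMEOUT` no longer reduces to `ct_key` at all, so it is worth confirming that no other rule relied on that production. The `ct_stmt` rule begins and continues outside the hunk.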
@@ -256,21 +256,21 @@ struct stmt *objref_stmt_alloc(const struct location *loc)
 return stmt;
 }
-static const char *syslog_level[LOGLEVEL_AUDIT + 1] = {
- [LOG_EMERG] = "emerg",
- [LOG_ALERT] = "alert",
- [LOG_CRIT] = "crit",
- [LOG_ERR] = "err",
- [LOG_WARNING] = "warn",
- [LOG_NOTICE] = "notice",
- [LOG_INFO] = "info",
- [LOG_DEBUG] = "debug",
- [LOGLEVEL_AUDIT] = "audit"
+static const char *syslog_level[NFT_LOGLEVEL_MAX + 1] = {
+ [NFT_LOGLEVEL_EMERG] = "emerg",
+ [NFT_LOGLEVEL_ALERT] = "alert",
+ [NFT_LOGLEVEL_CRIT] = "crit",
+ [NFT_LOGLEVEL_ERR] = "err",
+ [NFT_LOGLEVEL_WARNING] = "warn",
+ [NFT_LOGLEVEL_NOTICE] = "notice",
+ [NFT_LOGLEVEL_INFO] = "info",
+ [NFT_LOGLEVEL_DEBUG] = "debug",
+ [NFT_LOGLEVEL_AUDIT] = "audit"
 };
 const char *log_level(uint32_t level)
 {
- if (level > LOGLEVEL_AUDIT)
+ if (level > NFT_LOGLEVEL_MAX)
 return "unknown";
 return syslog_level[level];
@@ -280,7 +280,7 @@ int log_level_parse(const char *level)
 {
 int i;
- for (i = 0; i <= LOGLEVEL_AUDIT; i++) {
+ for (i = 0; i <= NFT_LOGLEVEL_MAX; i++) {
 if (syslog_level[i] &&
 !strcmp(level, syslog_level[i]))
 return i;
-- 
cgit v1.2.3
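Review bot: `log_level()` in the @@ -256 hunk returns `syslog_level[level]` for every index up to `NFT_LOGLEVEL_MAX`, but the table only has designated initializers up to `NFT_LOGLEVEL_AUDIT`, so any slot between the two would be handed back as NULL. Before this change the array size, the bound and the last initializer all used the same constant; now the size and bound come from a UAPI macro whose value is not visible in this diff. `log_level_parse()` in the @@ -280 hunk already guards with `syslog_level[i] &&`, and the lookup side should do the same, since the level it prints is a `uint32_t` that presumably comes back from the kernel: `if (level > NFT_LOGLEVEL_MAX || !syslog_level[level])` followed by the existing `return "unknown";`. Both functions end outside their hunks.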